cd-check-openssl-release.yaml
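# Scheduled check for a new upstream OpenSSL release.
#
# When the newest OpenSSL release is not a pre-release and its version is
# greater than the newest madnuttah/openssl-buildenv release, the job rewrites
# `buildvars` (version, SHA-256, build date) and pushes it to main.
# The job exits 1 on purpose when there is nothing to do, which stops the
# remaining steps.
name: CD Check OpenSSL Release

on:
  schedule:
    - cron: '0 15 * * mon-fri'
  workflow_dispatch:

# Least privilege for the implicit GITHUB_TOKEN: checkout only needs to read,
# and the push below authenticates with BOT_GITHUB_TOKEN instead.
permissions:
  contents: read

jobs:
  openssl-update:
    runs-on: ubuntu-latest
    steps:
      - name: Get versions
        id: GET_VERSIONS
        run: |
          set -eu

          # Fetch the release list once so the pre-release flag and the
          # version are read from the same response.
          releases="$(curl -fsSL https://api.github.com/repos/openssl/openssl/releases)"

          # Compare the flag as a string. Remote data is never run as a
          # command, and an unexpected value fails the step explicitly.
          prerelease="$(printf '%s' "$releases" | jq -r '.[0] | .prerelease')"
          if [ "$prerelease" = "true" ]; then
            echo "Pre-release, skipping"
            exit 1
          elif [ "$prerelease" != "false" ]; then
            echo "Could not determine pre-release status (got: '${prerelease}')" >&2
            exit 1
          fi

          # The grep pattern limits both values to digits and dots.
          openssl_version="$(printf '%s' "$releases" | jq -r '.[0] | .name' | grep -Eo '([0-9]+)(\.?[0-9]+)*' | head -1)"
          buildenv_version="$(curl -fsSL https://api.github.com/repos/madnuttah/openssl-buildenv/releases | jq -r '.[0] | .name' | grep -Eo '([0-9]+)(\.?[0-9]+)*' | head -1)"
          if [ -z "$openssl_version" ] || [ -z "$buildenv_version" ]; then
            echo "Could not parse a version number from the release names" >&2
            exit 1
          fi

          echo "OPENSSL_VERSION=${openssl_version}" >> "$GITHUB_OUTPUT"
          echo "OPENSSL_BUILDENV_VERSION=${buildenv_version}" >> "$GITHUB_OUTPUT"

      - name: Is update available
        id: IS_UPDATE_AVAILABLE
        # Step outputs are passed through env rather than expanded into the
        # script text, so their content is never parsed as shell syntax.
        env:
          OPENSSL_VERSION: ${{ steps.GET_VERSIONS.outputs.OPENSSL_VERSION }}
          OPENSSL_BUILDENV_VERSION: ${{ steps.GET_VERSIONS.outputs.OPENSSL_BUILDENV_VERSION }}
        run: |
          set -eu

          if dpkg --compare-versions "$OPENSSL_BUILDENV_VERSION" lt "$OPENSSL_VERSION"; then
            echo "Update found"

            # -L follows the redirect that release asset URLs normally return;
            # -f turns an HTTP error page into a failure instead of a "hash".
            # Only the first field of the first line is kept.
            sha256="$(curl -fsSL "https://github.com/openssl/openssl/releases/download/openssl-${OPENSSL_VERSION}/openssl-${OPENSSL_VERSION}.tar.gz.sha256" | awk 'NR == 1 { print $1 }')"

            # Accept nothing but a 64-character hex digest before it is
            # written to an output and later committed to buildvars.
            if ! printf '%s' "$sha256" | grep -Eqx '[0-9A-Fa-f]{64}'; then
              echo "Unexpected content in the SHA-256 file for openssl-${OPENSSL_VERSION}" >&2
              exit 1
            fi

            # NOTE(review): the digest comes from the same release as the
            # tarball, so it detects corruption but does not authenticate the
            # release. Signature verification would have to happen where the
            # tarball is consumed.
            echo "OPENSSL_SHA256=${sha256}" >> "$GITHUB_OUTPUT"
          else
            echo "No update found"
            exit 1
          fi

      # NOTE(review): both actions below are referenced by mutable tag. Pinning
      # them to a full commit SHA fixes the exact code that runs, which matters
      # most for the step that receives the GPG private key.
      - name: Checkout source
        uses: actions/checkout@v4
        with:
          # Do not leave the implicit token in .git/config.
          persist-credentials: false

      - name: Import GPG key
        id: IMPORT_GPG
        uses: crazy-max/ghaction-import-gpg@v6
        with:
          gpg_private_key: ${{ secrets.BOT_GPG_PRIVATE_KEY }}
          passphrase: ${{ secrets.BOT_GPG_PASSPHRASE }}
          # Signing is switched off by the three flags below. In this workflow
          # the step's visible use is the name/email outputs read by the next
          # step, so the commit it pushes is unsigned.
          git_user_signingkey: false
          git_commit_gpgsign: false
          git_push_gpgsign: false
          trust_level: 5

      - name: Push buildvars to repository
        env:
          GITHUB_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }}
          GIT_AUTHOR_NAME: ${{ steps.IMPORT_GPG.outputs.name }}
          GIT_AUTHOR_EMAIL: ${{ steps.IMPORT_GPG.outputs.email }}
          GIT_COMMITTER_NAME: ${{ steps.IMPORT_GPG.outputs.name }}
          GIT_COMMITTER_EMAIL: ${{ steps.IMPORT_GPG.outputs.email }}
          OPENSSL_VERSION: ${{ steps.GET_VERSIONS.outputs.OPENSSL_VERSION }}
          OPENSSL_SHA256: ${{ steps.IS_UPDATE_AVAILABLE.outputs.OPENSSL_SHA256 }}
        run: |
          set -eu

          # The token is read from the environment instead of being expanded
          # into the script text. It is still stored in the workspace's
          # .git/config until the runner is discarded.
          git remote set-url origin "https://x-access-token:${GITHUB_TOKEN}@github.com/${GITHUB_REPOSITORY}"

          {
            echo "BUILDENV_BUILD_DATE=$(date -u)"
            echo "OPENSSL_VERSION=${OPENSSL_VERSION}"
            echo "OPENSSL_SHA256=${OPENSSL_SHA256}"
            echo "OPENSSL_BUILDENV_VERSION=${OPENSSL_VERSION}-0"
          } > buildvars

          git add buildvars
          git commit buildvars -m "Updated buildvars"
          git push origin main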